PDO prepare statement

I am storing text in a database table. Some of the saved text has apostrophes. Using PDO prepare statements I have been able to get them into the table, but when I SELECT them the text is cut off at the apostrophe. Can anyone tell me what I am doing wrong? I want single quotes to be escaped in the Description field.

This isn't an issue with MySQL or PDO.
The data is intact as you requested it. What you need to do is translate the characters you want to display within the HTML. Convert it using htmlentities or htmlspecialchars and it should display correctly within the attribute.

I've been told I should use a prepare statement instead. It works for the Insert statement (values with single quotes are recorded in the table) but I can't get it to work with Select.

No no, I mean the data coming out. You don't need to change a thing with the storage, just how you display it. So for example, you would currently have <element title="a title with a " in it"> which of course would give you the "a title with a " as the title and ignore the remaining '" in it" part. You need to effectively make it so HTML can still render it but not misinterpret it as a part of the HTML. So you want that to say <element title="a title with a &quot; in it"> which will render correctly in the HTML. So in order to do this you simply print out the results of the description wrapped in the htmlentities or htmlspecialchars functions (both will work for single and double quotes).

Since you are using a technology that allows for prepared statements and you are accepting data from the user, definitely make use of the prepared statement.

I've gotten it to work. Thank you for your help. I ended up using htmlspecialchars. Was this what you suggested?
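
The fix this thread arrives at, as an added example that is not code from any of the posters: bound parameters handle the quotes on the way into and out of the database, and the HTML attribute is encoded separately at output time. The `items` table, the sample description and the `e()` helper are assumptions, and in-memory SQLite (the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added example with a constructed table and constructed sample data.
// In-memory SQLite replaces the thread's MySQL database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, description TEXT)');

// Constructed value containing both quote types and markup characters.
$original = 'Bob\'s 6" ruler <new>';

// Storage: the value is bound as a parameter, never spliced into the SQL,
// so no manual quote escaping is needed and injection is not possible here.
$insert = $pdo->prepare('INSERT INTO items (description) VALUES (:description)');
$insert->execute([':description' => $original]);
$id = $pdo->lastInsertId();

// Retrieval: SELECT uses a prepared statement in exactly the same way.
$select = $pdo->prepare('SELECT description FROM items WHERE id = :id');
$select->execute([':id' => $id]);
$description = $select->fetchColumn();

// The database returns the full string; nothing was cut off in storage.
if ($description !== $original) {
    throw new RuntimeException('stored value does not match the input');
}

// Hypothetical helper: encode a value for HTML text or attribute context.
// ENT_QUOTES is passed explicitly because before PHP 8.1 the default
// flags left single quotes unencoded.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unencoded: the apostrophe closes the single-quoted attribute early,
// which is the "cut off" symptom, and "<new>" is parsed as markup.
echo "<input type='text' name='description' value='" . $description . "'>\n";

// Encoded: safe whichever quote character delimits the attribute.
echo "<input type='text' name='description' value='" . e($description) . "'>\n";
echo '<input type="text" name="description" value="' . e($description) . '">' . "\n";
```

Encoding at output rather than before storage keeps the database value usable in non-HTML contexts and closes the attribute-injection path for user-supplied descriptions.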